[Bug 11281] New: FW: [FG-VD-18-127] VMware ESXi Command Injection Vulnerability Notification

bugzilla at busybox.net bugzilla at busybox.net
Wed Sep 5 21:22:25 UTC 2018


            Bug ID: 11281
           Summary: FW: [FG-VD-18-127] VMware ESXi Command Injection
                    Vulnerability Notification
           Product: Busybox
           Version: unspecified
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: Other
          Assignee: unassigned at busybox.net
          Reporter: z.yang at hotmail.com
                CC: busybox-cvs at busybox.net
  Target Milestone: ---


I am forwarding this finding because the vulnerability seems exists in the
busybox. I’d like to confirm if it is a known issue.

I have tested it with busybox 1.28.1 (this is the latest binary I can find from
https://busybox.net/downloads/binaries/) and executed the PoC in a simplest
Linux at
(From https://bellard.org/jslinux/index.html).

The details are encrypted with Denys’ public key

I've emailed to busybox at busybox.net, but no respond. So I created this bug.

Thanks for your time,

You are receiving this mail because:
You are on the CC list for the bug.

More information about the busybox-cvs mailing list